CRITICAL 9.8
PYSEC-2026-539
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker
Details
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
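One way to audit a code base for the pattern this advisory describes, as an added example that is not code from SGLang or from the advisory: a static scan for calls that unpickle data, including pyzmq's `recv_pyobj()`. The function name and the sample source are constructed for illustration.

```python
import ast

# Calls that unpickle their argument. pyzmq's Socket.recv_pyobj() runs
# pickle.loads() on the received frame, so it is flagged too.
UNSAFE_FUNCS = {("pickle", "loads"), ("pickle", "load")}
UNSAFE_METHODS = {"recv_pyobj"}


def find_unsafe_deserialization(source, filename="<source>"):
    """Return sorted (line, call) tuples for unpickling calls in source."""
    tree = ast.parse(source, filename=filename)
    mod_alias, func_alias = {}, {}  # resolve `import x as y` / `from x import f as g`
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                mod_alias[a.asname or a.name] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                func_alias[a.asname or a.name] = (node.module, a.name)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if isinstance(f, ast.Attribute):
            target = f.value.id if isinstance(f.value, ast.Name) else None
            if (mod_alias.get(target), f.attr) in UNSAFE_FUNCS:
                findings.append((node.lineno, f"{mod_alias[target]}.{f.attr}"))
            elif f.attr in UNSAFE_METHODS:
                findings.append((node.lineno, f".{f.attr}()"))
        elif isinstance(f, ast.Name) and func_alias.get(f.id) in UNSAFE_FUNCS:
            findings.append((node.lineno, ".".join(func_alias[f.id])))
    return sorted(findings)


# Constructed sample (not SGLang code): a receive loop of the kind described.
SAMPLE = '''\
import pickle as pk
from pickle import loads as decode

def serve(sock):
    while True:
        req = pk.loads(sock.recv())
        other = sock.recv_pyobj()
        third = decode(sock.recv())
        handle(req, other, third)
'''

if __name__ == "__main__":
    print(find_unsafe_deserialization(SAMPLE))
```

The scan is syntactic: it resolves import aliases but does not follow dynamic lookups such as `getattr(pickle, "loads")`, so a clean result is not proof that no unpickling happens.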
Affected packages
References
- https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-3059 [ADVISORY]
- https://github.com/sgl-project/sglang/pull/20904 [WEB]
- https://github.com/sgl-project/sglang [PACKAGE]
- https://github.com/sgl-project/sglang/blob/main/python/sglang/multimodal_gen/runtime/scheduler_client.py [WEB]
- https://github.com/sgl-project/sglang/releases/tag/v0.5.10 [WEB]
- https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities [WEB]
- https://pypi.org/project/sglang [PACKAGE]
- https://github.com/advisories/GHSA-rgq9-fqf5-fv58 [ADVISORY]